Rick, Thanks for this very clear explanation. I've got away recently with single servers but am now planning for multiple TSes. Presumably I therefore need to export the Shadow Key to any new servers. How does the time-stamp on this work? Presumably it takes the time of the import of the key and compares it to the user (roaming profile) settings? How do I prevent the Shadow key overwriting user settings in this scenario? Nick If a software installation is done in "install" mode and it updates any keys under HKCU\Software, the values will be copied to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software (otherwise known as the shadow key). If an admin session is in "install" mode when the admin runs up an changes any app settings, these settings will also be copied to the shadow key. When a user runs up an application, if the appropriate registry values aren't already there or they are older than the values in the shadow key, they'll get populated from the shadow key. In single server scenarios, this is can be a really usefull way to propagate application settings. However if the shadow key isn't identical on all your servers and has a different timestamp on each server, then things can get interesting.